September 10, 2001

Chamber Music

Federal judges are about to make a crucial decision on workplace privacy, but you won't read about it in a court opinion. On September 11, the Judicial Conference of the United States, the organization with ultimate authority over the internal operation of the federal courts, will decide whether to approve or dismantle a computer program that monitors judges and their staff members when they use the Internet on the job. Defenders of the program say judges should accept the same invasions of privacy their decisions have imposed on other American workers.

But the truth is that the courts haven't ruled definitively on whether Internet browsing and e-mail should be treated as public or private. And so the judges face a momentous choice. If they turn off the monitoring software, the members of the Judicial Conference--composed of 27 judges of the federal appellate and district courts--can set an example that will help other employers resist the relentless expansion of Internet monitoring that is transforming the American workplace. But if they meekly surrender their own liberties, the judges will accelerate the entrenchment of a surveillance state.

The brief history of Internet monitoring in the judiciary shows how easy it is for large bureaucracies to eviscerate their employees' privacy without anyone thinking very hard about it. According to internal court documents, Leonidas Ralph Mecham, a powerful bureaucrat who directs the Administrative Office of the U.S. Courts (known as the AO), last December told the Judicial Conference's Committee on Automation and Technology that judges had been complaining about poor Internet response time because of increased traffic during business hours. After investigating, Mecham discovered that between 3 percent and 7 percent of the judiciary's browser traffic involved streaming media, such as audio and video downloads, which slow down servers by taking up bandwidth.

Concluding that the bulk of this traffic was unrelated to official activities and was placing a financial strain on the judiciary, Mecham decided in January to activate two filters on the firewall software that had been installed to identify potential hackers. (His job, after all, is to protect efficiency, not privacy, and he says he was acting with the approval of the Committee on Automation and Technology.) The filters were programmed to record downloads of mpeg movie files and MP3 music files and to generate reports that were sent to Mecham's deputy, Clarence Lee. If Lee decided the files were "inappropriate"--a vague and undefined standard--he would send a letter to the chief judge of the relevant circuit identifying the files and the computers from which they were downloaded and recommending disciplinary action.

The AO appears to have performed its task with enthusiasm. In a memo objecting to the monitoring program, Mary Schroeder, chief judge of the Ninth Circuit, recalled that Lee "apparently felt the information so urgent that he advised the manager of the hotel in which I was staying in Washington that a courier was en route with a high-priority, confidential message for me... Imagine my surprise to discover that use of the Internet to download music or movies had risen to the ranks of a national security issue." Worse, the reports were deeply embarrassing to the employees concerned: A letter Lee sent on March 5 contains a list of all the movies accessed by a particular user between 12:12 p.m. and 1:35 p.m., including /bigtits/bix/mer021/3.mpg and /personal4/fuckmovie/asian/07.mpg.

At the end of May, the Judicial Council of the Ninth Circuit decided to turn off the monitoring software for the courts under its administrative control, including the Eighth, Ninth, and Tenth Circuits. As Chief Judge Schroeder explained in a separate memo, the judges were concerned "about the propriety, and even the legality, of monitoring Internet usage by court employees" without their consent. In addition, "many judges were concerned that recording and monitoring information kept by the AO would be an inevitable part of any Senate confirmation process." Mecham peevishly responded that the decision to turn off the software might have compromised the security of the Tenth Circuit's website during the Timothy McVeigh trial, even though the technical staff of the Colorado district court subsequently found that it had not.

In a separate memo to the AO's general counsel on May 29, Judge Alex Kozinski of California, the leading opponent of the monitoring program, explained in detail why he had concluded that the monitoring policy "may have violated the privacy rights of hundreds of our employees and exposed the judiciary to the risk of civil liability (including statutory damages of $10,000 per violation) under the federal wiretap statute." The relevant law, the Electronic Communications Privacy Act, imposes civil and criminal liability on any person who "intentionally intercepts ... any wire, oral, or electronic communication." The privacy act allows the interception of communications with the consent of one of the parties concerned, but Kozinski noted that Mecham had installed the monitoring program without notifying the vast majority of judicial employees, let alone securing their consent. Kozinski was especially incredulous because the AO had issued a memo in 1996 warning local courts that surreptitious monitoring is probably illegal and shouldn't be allowed without the consent of all users. For these reasons, Kozinski tentatively concluded that "the policy has violated and continues to violate the federal wiretap statute"; that "we may have a duty to notify our staff all over the country that their rights have been violated and civil remedies might be available to them"; that "we may also have a duty to notify the Justice Department and give it an opportunity to start a [criminal] investigation"; and that "if there is a possible criminal investigation ... some thought ought to be given to hiring a private lawyer for Mr. Lee."

Moving beyond the legal questions, Kozinski pointed out in a follow-up memo how dangerous it is for judges to allow unaccountable bureaucrats to decide what kind of Internet use is "appropriate." "Is it legitimate for employees to read newspapers online?" he asked. "To see Chief Justice Rehnquist speak in streaming video? To listen to streaming audio while at work? (If not, why have we all been given computers with speakers?)" The chairman of the Committee on Automation and Technology, for example, is a judge who has cheerfully acknowledged that he spends a few minutes a day browsing the Nascar website, which includes streaming video. Does anyone think this is wrong? "We cannot leave such judgments to the people who run the AO--whose only interest seems to be what smut some poor deputy clerk is looking at during his lunch break," Kozinski concluded.

Rather than respond directly to Kozinski's memo, Mecham dug in his heels. The AO insisted tendentiously that the monitoring was necessary to protect the judiciary from embarrassment and legal liability, even though the program arguably had the opposite effect. Mecham also told some judges that Chief Justice Rehnquist supported the monitoring policy, even though Rehnquist has not publicly expressed an opinion on it. Then, on July 27, the Committee on Automation and Technology, which is staffed by judges sympathetic to Mecham, recommended that the full Judicial Conference endorse and expand the monitoring program when it meets in September. "To guarantee beyond doubt that adequate notice will have been given," the committee recommended that each court prominently display a banner notice on every computer screen declaring that Internet use may be "viewed and recorded, that the employee's use of the system constitutes consent to such viewing and recording, and that uses inconsistent with applicable use policy may result in disciplinary action."

If it approves the banner warnings, the Judicial Conference will protect the monitoring program against the most powerful legal attack: that employees can't consent to surveillance when they're not aware of it. (The Supreme Court hasn't yet decided, however, whether consent to monitoring can be freely given when it's obtained at the cost of losing your job.) But, although two-thirds of federal agencies have adopted similarly sweeping banner warnings, nothing in the law compels employers to adopt the most invasive monitoring possible. And, happily, some courageous judges have joined Kozinski's crusade. On August 18 Judge Edith Jones of the Fifth Circuit--an enthusiastic conservative who was on George H.W. Bush's Supreme Court shortlist--produced an especially stinging critique. In a letter to Judge Edwin Nelson of Alabama, chair of the Committee on Automation and Technology, Jones objected that the new monitoring program would perpetuate, rather than alleviate, the problems of the old one. "The recommendations would advise judicial branch employees that no one, including judges, has any expectation of privacy in his use of government computers for Internet or e-mail purposes," she wrote. "This is the equivalent of sanctioning wiretapping of telephones or searches of office files to 'prevent unauthorized use of government property.'"

Rejecting the increasingly common assumption that employees must surrender all privacy rights as a condition of employment, Jones argued that the judiciary should have to show a serious and identifiable problem--involving genuine risk of security breaches, for example--for which blanket monitoring is the only solution. (She noted that the filtering software had discovered only a few dozen examples of misuse among the judiciary's 30,000 employees.) Adopting a formula used in First Amendment cases, Jones also suggested that, in the interest of privacy, the judiciary should adopt the least intrusive, rather than the most intrusive, means of discouraging Internet misuse. She noted that, after local courts were warned in March to discourage employees from viewing streaming audio, the downloading of music and movies dramatically declined. "If exhortation is sufficient to discourage inappropriate use," she asked, "why undertake random snooping?"

Some might detect a hint of special pleading in Jones's letter. She protests, for example, that "the demands of hierarchy, longstanding custom and common sense suggest that judges ought to decide autonomously on the appropriate types of Internet and computer use for their individual chambers," even though most public employers have no such luxury. This is consistent with the trend toward increasing judicial self-regard: Judges tend to be most outraged about invasions of privacy when their own is at stake. Is anyone surprised that the Supreme Court has found that random drug tests of urine are perfectly permissible for railway employees and student athletes but unconstitutional for judges? But if it takes a threat to their own privacy to alert federal judges to the dangers of workplace monitoring for the rest of us, so be it.

It's still unclear whether members of the Judicial Conference will challenge Mecham and defend the right to download porn when they meet in September. "I really don't know what's going to happen," says Kozinski. "But if we federal judges can't stop this thing, nobody can. We're not as afraid of liability as other people are--we're the ones who decide these cases, so we don't have the same exposure--and we have a bureaucracy that has basically run amok. If we manage to defeat this thing, there's a decent chance that some of these federal judges will realize that employees should have rights to say no to monitoring, even if an employer might demand it. If we can't stop this thing, we might as well resign ourselves to the fact that the computer is like a postcard, not like a telephone." Let's hope that America's federal judges, who are given life tenure so they can protect the liberties of other people, will have the courage to stand up for their own.

Jeffrey Rosen is legal affairs editor at The New Republic and president and CEO of the National Constitution Center.